Sunday, 24 April 2011

I can cruise on auto pilot for only so long. Then I need to check my bearings, to confirm that I’m still heading in the right direction. Are my prejudices the same as everyone else’s prejudices? If they are, then that’s probably ok. When they diverge, I need to sit down and work out whether it’s me, or whether it’s them, in terms of whose policy compass needs adjusting.

In data protection terms, I’ve taken a few months off blogging about various events, as I needed to rediscover my own bearings. This has not been a particularly easy process, as I have tried to strip my policy principles back to the basics. I’ve been asking myself some profound questions, like• What is it that I want to do• How should I engage with other people to find out whether their aims are similar• How do I maintain the confidence and trust of these people when it’s apparent that our aims appear to conflict with those held by other opinion formers.

As I’ve been thinking about these things, I’ve sensed that some of the tensions that have been simmering between various data protection practitioners may be about to emerge into the public arena. Proposals for a revised Data Protection Directive will draw all manner of people to the negotiating tables. I don’t think that there’s much wrong with this, although I sense that a few egos will be splashed on the carpet as the familiar arguments are rehearsed. I’m not expecting blood to be spilt. Data Protection isn’t a physical pursuit, in that sense. But I do expect some of the more self righteous of our community to want the world to know just how very very annoyed they are, before they realise that the shining light they are holding is actually attracting very few followers.

In my day job I juggle with a variety of issues. On the one hand, I exist (professionally) to advocate high data protection standards. At the same time, I also campaign for efficient data protection regulation. And finally, I do my best to flex inappropriate data protection laws. I try to weave a common-sense approach to issues where I find that I’m being asked to accommodate the views of the Data Protection Fundamentalists, that group of people for whom no deviation from any EU or UK regulation is ever to be contemplated, period, and the Data Protection Hippies, that group of people who have forgotten the need to respect a concept which has evolved into a more recognisable fundamental human right. It’s the hippies who forget that individuals have a right to be consulted about that which belongs to them. What’s best for the data controller may not always be what’s best for the individual.

The more I think about these competing tensions, the more I realise that its often not appropriate just to plot a path which is mid way between the aspirations of the fundamentalists and the hippies. Why should I always strive for a path that will inflame both sides in equal measures? What is it that I really feel in these circumstances – and does it then really matter whether what I feel is either closer to the heartbeat of the fundamentalist, or closer to the heartbeat of the hippie?

After some 20 years in this data protection game, I’m resetting my mojo. I intend to spend the next phase of my data protection career campaigning for what I feel is best for society as I experience it, rather than feeling that it’s my duty to parrot some line or other, just because it’s the “official” line. I have experienced the nauseating feeling of trying to implement policy, just because some bunch of politicians or bureaucrats felt it politically convenient at a particular time to insert text into an EU Directive that actually no-one really understood then or even understands now. I've had my fill of that. Now, I’m moving into a phase of my professional life where I will empower myself to treat EU Data Protection Directives as instruments which set out the general direction of travel, rather than a detailed route map from which any deviation is forbidden.

And in deviating from the official route map, I fully expect to have some fellow travellers accompany me – at least along part of my journey. Some of them may even be the politicians, bureaucrats or regulators who once thought it was a good idea to insert what will become a stupid or incomprehensible rule. I won’t hold that against them. I’ll just be grateful that they too appreciate that my way is also a way that meets the needs of my fellow citizens.

I’ll continue to be discrete about the identities of all of my fellow travellers. But I do hope they also enjoy the alternative route I’ll occasionally be travelling along as much as me.

About Me

I'm Martin Hoskins, and I started this blog to offer somewhat of an irreverent approach to data protection issues. As time has passed, the tone of my posts have become more serious.
I'm not a "high priest" of data protection. I focus on the principles of transparency, fairness, practicality, risk-assessment and pragmatism when dealing with issues, rather than applying every aspect of every data protection rule.
While I may occasionally appear to criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity, so these comments should never be taken to represent anyone else's views on what I write about.
I occasionally tweet as @DataProtector.
You can contact me at:
info@martinhoskins.com.